VYPR

Maven package

org.apache.avro/avro

pkg:maven/org.apache.avro/avro

Vulnerabilities (2)

  • CVE-2024-47561Oct 3, 2024
    affected < 1.11.4fixed 1.11.4

    Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4  or 1.12.0, which fix this issue.

  • CVE-2023-39410Sep 29, 2023
    affected < 1.11.3fixed 1.11.3

    When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should up